Modbus Security – New Protocol to Improve Control System Security


In August of 2018, Modbus.org published the Modbus Security protocol. The use of secure protocols is a fundamental component in efforts to secure Industrial Control System (ICS) traffic. Secure protocols can mitigate many common cyber-attacks, including replay and man-in-the-middle exploits.

The new protocol will provide robust protection by combining Transport Layer Security (TLS) with the traditional Modbus protocol. TLS was selected because it is a well-known, widely accepted internet standard. TLS will encapsulate Modbus packets to provide both authentication and message integrity protection. The new protocol uses X.509v3 digital certificates to authenticate both the server and the client. The protocol also supports the transmission of role-based access control information in an X.509v3 extension, which is used to authorize the client's request. Modbus Security will use a new port: traditional Modbus uses port 502, while the new Modbus Security protocol will use port 802.
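The layering described above, as an added example that is not code from the article or from Modbus.org: an unchanged Modbus/TCP frame is carried inside a mutually authenticated TLS session on port 802, and the server authorizes each function code against the client's role. The role names, the permission table, the TLS 1.2 floor and all function names are assumptions of this example.

```python
import socket
import ssl
import struct

MODBUS_SECURITY_PORT = 802  # from the article; traditional Modbus uses 502

# Constructed role table: function codes each role may request.
# Role names and mapping are hypothetical, not taken from the specification.
ROLE_PERMISSIONS = {
    "operator": {0x01, 0x02, 0x03, 0x04},                          # reads only
    "engineer": {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x0F, 0x10},  # reads + writes
}

def client_tls_context(ca_file=None, cert_file=None, key_file=None):
    """Client context: verify the server certificate, present a client certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption of this example
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)  # X.509v3 client identity
    return ctx

def build_request(transaction_id, unit_id, function_code, data):
    """Build the Modbus/TCP ADU (MBAP header + PDU) that TLS carries unchanged."""
    pdu = bytes([function_code]) + data
    # MBAP: transaction id, protocol id (0), length of unit id + PDU, unit id
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id) + pdu

def authorize(role, adu):
    """Server side: may the role taken from the client certificate send this ADU?"""
    if len(adu) < 8:
        return False  # no room for a function code
    _tid, proto, length, _unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0 or length != len(adu) - 6:
        return False  # malformed or truncated frame
    return adu[7] in ROLE_PERMISSIONS.get(role, set())  # unknown role: deny

def send_request(host, adu, ctx):
    """Send one ADU over TLS to port 802 and return the raw response bytes."""
    with socket.create_connection((host, MODBUS_SECURITY_PORT), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(adu)
            return tls.recv(260)  # 260 bytes is the largest Modbus/TCP ADU
```

The frame bytes are identical to what a port 502 client would send; only the transport and the per-request role check differ.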

Protocol interoperability was demonstrated in May of 2017 at an interoperability event attended by four Modbus.org member companies. Products leveraging the new protocol are expected to be available in the market in 2019. For more information, refer to the Modbus.org website.

Unfortunately, as far as I can tell, this won’t address the issue of sensor spoofing. As far as I can see (from a cursory reading of the documentation – http://modbus.org/docs/MB-TCP-Security-v21_2018-07-24.pdf) the security is only applied once the sensor data is encapsulated into TLS. There are plenty of opportunities for ‘bad dudes’ to cause mayhem prior to this stage of data transmission.